
bug(standard_streams): console messages with the prefix “[main] INFO” if the configuration file in the INI format  #1250

Open
@Kristinita


1. Summary

If I use Bandit with the INI configuration, Bandit prints to the console messages with the prefix [main] INFO even if the user uses the --silent command-line argument.

It looks like a bug and can cause problems when developing tools related to Bandit.

2. MCVE

2.1. Reproducibility

I reproduced the problem on Ubuntu and Windows.

  1. Ubuntu build on Travis CI
  2. Windows build on AppVeyor CI

2.2. Files

kira_valid_file.py:

print("Kira Goddess!")

bandit.yaml:

exclude_dirs:
- .venv

skips:
- B404

.bandit:

[bandit]

exclude = ./.venv

skips: B404

2.3. Behavior

2.3.1. Expected — legacy YAML configuration
bandit --configfile bandit.yaml --silent kira_valid_file.py

No output.

2.3.2. Non-desired — INI configuration
bandit --ini .bandit --silent kira_valid_file.py
[main]	INFO	Using ini file for skipped tests
[main]	INFO	Using command line arg for selected targets

Bandit always prints 2 extra lines to the console. I can’t find how I can suppress them.

3. Justification of the need of the feature

3.1. Non-documented behavior

The documentation of the --silent command-line argument:

-q, --quiet, --silent

only show output in the case of an error

I have no errors, so Bandit shouldn’t print any messages.

3.2. SublimeLinter plugin doesn’t work

I created this bug report because it looks like these extra lines cause problems when developing tools related to Bandit.

I created a simple Bandit plugin for SublimeLinter.

from SublimeLinter.lint import PythonLinter, util


class Bandit(PythonLinter):
    # Run Bandit in silent mode so that only findings reach the linter
    cmd = ("bandit", "${args}", "--silent", "${file}")
    defaults = {
        "selector": "source.python"
    }
    # Read stdout and stderr together, since Bandit writes to both
    error_stream = util.STREAM_BOTH
    multiline = True
    # Parse one finding: rule code and message, severity, then the source line
    regex = (
        r"^>>\s+Issue:\s+\[(?P<code>[B]\d+):.*?\]\s+(?P<message>.*)$\r?\n"
        r".*?Severity:\s+(?:(?P<error>High)|(?P<warning>Medium|Low)).*\r?\n"
        r"(.*\r?\n)*?"
        r"^.*?Location:\s+.*?:(?P<line>\d+)(?::\d+)?\s*$\r?\n"
    )

If ${args} is --configfile bandit.yaml, this plugin shows errors inside the Sublime Text IDE.

If ${args} is --ini .bandit instead, the plugin doesn’t work, and I get the following warning in the Sublime Text console:

SublimeLinter: #3457 linter.py:823    WARNING: bandit output:
[main]	INFO	Using ini file for skipped tests
[main]	INFO	Using command line arg for selected targets

SublimeLinter.plugin.bandit [WARNING]: bandit output:
[main]	INFO	Using ini file for skipped tests
[main]	INFO	Using command line arg for selected targets

SublimeLinter: #3457 linter.py:824    Note: above warning will become an error in the future. Implement `on_stderr` if you think this is wrong.
SublimeLinter.plugin.bandit [INFO]: Note: above warning will become an error in the future. Implement `on_stderr` if you think this is wrong.
command: sublime_linter_failed {"filename": "D:\\SashaDemoRepositories\\SashaTravis\\kira_valid_file.py", "linter_name": "bandit"}
SublimeLinter: #3457 linter.py:1243   bandit: no output
SublimeLinter.plugin.bandit [INFO]: bandit: no output

Perhaps it’s possible to create a working SublimeLinter plugin for the Bandit INI configuration, but this is fraught with additional difficulties.

4. Environment

  1. Operating system:

    1. Local — Microsoft Windows [Version 10.0.22621.3085]
    2. Travis CI — Ubuntu 24.04.2 LTS Noble Numbat
    3. AppVeyor CI — Microsoft Windows [Version 10.0.17763.6189]
  2. Bandit 1.8.3:

    1. Local — python version = 3.13.2 (tags/v3.13.2:4f8bb39, Feb 4 2025, 15:23:48) [MSC v.1942 64 bit (AMD64)]
    2. Travis CI — python version = 3.13.1 (main, Feb 24 2025, 13:35:32) [GCC 13.3.0]
    3. AppVeyor CI — python version = 3.12.8 (tags/v3.12.8:2dc476b, Dec 3 2024, 19:07:15) [MSC v.1942 32 bit (Intel)]

Thanks.
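As an added example (not code from the issue, Bandit or SublimeLinter), the following shows how a tool that consumes Bandit's combined stdout and stderr can strip the logger lines reported above before parsing findings with the plugin's regex. It assumes the `[main]<TAB>LEVEL<TAB>` line format shown in the issue and uses a constructed sample of Bandit output.

```python
import re

# Bandit's logger lines look like "[main]<TAB>INFO<TAB>message" (assumed from the issue)
LOG_LINE = re.compile(r"^\[[\w.]+\]\t(?:DEBUG|INFO|WARNING|ERROR|CRITICAL)\t")

# Finding parser: the same regex the SublimeLinter plugin in the issue uses
ISSUE_RE = re.compile(
    r"^>>\s+Issue:\s+\[(?P<code>[B]\d+):.*?\]\s+(?P<message>.*)$\r?\n"
    r".*?Severity:\s+(?:(?P<error>High)|(?P<warning>Medium|Low)).*\r?\n"
    r"(.*\r?\n)*?"
    r"^.*?Location:\s+.*?:(?P<line>\d+)(?::\d+)?\s*$\r?\n",
    re.MULTILINE,
)

# Constructed sample of combined output: two logger lines followed by one finding
SAMPLE_OUTPUT = "\n".join([
    "[main]\tINFO\tUsing ini file for skipped tests",
    "[main]\tINFO\tUsing command line arg for selected targets",
    ">> Issue: [B602:subprocess_popen_with_shell_equals_true] subprocess call with shell=True identified, security issue.",
    "   Severity: High   Confidence: High",
    "   CWE: CWE-78 (https://cwe.mitre.org/data/definitions/78.html)",
    "   Location: ./app.py:12:4",
    "",
])


def split_output(raw):
    """Separate Bandit's logger chatter from the report text it is mixed with."""
    logs, report = [], []
    for line in raw.splitlines(keepends=True):
        (logs if LOG_LINE.match(line) else report).append(line)
    return logs, "".join(report)


def parse_issues(report):
    """Return one dict per finding: rule id, message, severity and line number."""
    return [{"code": m["code"], "message": m["message"],
             "severity": m["error"] or m["warning"], "line": int(m["line"])}
            for m in ISSUE_RE.finditer(report)]


if __name__ == "__main__":
    logs, report = split_output(SAMPLE_OUTPUT)
    print(f"dropped {len(logs)} logger line(s)")
    for issue in parse_issues(report):
        print(issue)
```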
